JP4129783B2 - Remote access system and remote access method - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a remote access system and a remote access method for accessing a predetermined resource from a remote location.
[0002]
[Prior art]
In recent years, various devices such as information home appliances that can be connected to a network have been developed, and accordingly, networks targeting various devices including a home network are being constructed. In addition, depending on the situation, mobile phones and mobile information possessed by the user with respect to various information home appliances or various information processing terminals such as personal computers or server devices provided indoors from remote locations such as outdoors Various services that can be enjoyed by remote access using a device such as a terminal (Personal Digital Assistants; PDA) have been proposed.
[0003]
In such a service, it is essential to manage authentication and access rights in order to eliminate unauthorized user access to hardware and software such as server devices that provide the service, and various resources such as data. Has been.
[0004]
[Problems to be solved by the invention]
Incidentally, some of the services described above have already been implemented, and an authentication mechanism is individually constructed. However, in such a service, an authentication method including authority (operation) for each individual unit has not been established yet.
[0005]
In addition, as a method of authority management for each individual, there is an authentication method using a so-called ID (IDentification) password. However, in this authentication method using an ID password, the mechanism becomes very complicated and the processing load is heavy. There was a problem.
[0006]
The present invention has been made in view of such circumstances, and by performing authority management using a so-called attribute certificate (AC), the device itself that accesses resources when performing remote access. It is an object of the present invention to provide a remote access system and a remote access method capable of easily and safely performing control in units of authority for each resource to be accessed as well as entities such as the above.
[0007]
[Means for Solving the Problems]
A remote access system according to the present invention that achieves the above-described object is a remote access system that accesses a predetermined resource from a remote location, and the remote access system includes an access target device to be accessed and the access An access device that accesses the target device, and a connection device that acts as a proxy for the access target device with respect to the access device, and the access device has an access right to the resource Proxy information for the connected device to serve as a proxy for the access target device Is described attribute Storage means for storing a certificate, and the storage means stored in the storage means attribute Certificate Connected equipment Against Send Present First Presenting means, and the connection device includes: Second presenting means for transmitting and presenting the attribute certificate received from the access device to the access target device designated as the access target The access target device includes: Based on the verification result by the verification unit, the verification unit for verifying the access authority and the content of the proxy information described in the attribute certificate received from the connected device, Determination means for determining access permission of the access device to the resource When It is characterized by having.
[0008]
In such a remote access system according to the present invention, at least the access authority to the resource is described in the certificate, and the certificate is transmitted from the access device to the access target device through the connected device and presented, Verify access device access.
[0009]
In addition, the remote access method according to the present invention that achieves the above-described object includes an access target device to be accessed, an access device that accesses the access target device, and the access target device for the access device. A remote access method for accessing a predetermined resource from a remote location in a remote access system comprising a connected device that acts as a proxy for the access device, wherein the access device has an access right to the resource Proxy information for the connected device to serve as a proxy for the access target device Is described attribute The certificate is stored in the storage means, and the certificate stored in the storage means attribute Certificate Connected equipment And the connected device is The attribute certificate received from the access device is transmitted and presented to the access target device designated as the access target The access target device is The access authority and the proxy information described in the attribute certificate received from the connected device are verified, and the verification result The access permission of the access device to the resource is determined based on the above.
[0010]
In such a remote access method according to the present invention, at least an access right to a resource is described in a certificate, and this certificate is transmitted from an access device to an access target device via a connected device and presented. Verify access device access.
[0011]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, specific embodiments to which the present invention is applied will be described in detail with reference to the drawings.
[0012]
This embodiment is a remote access system that accesses a predetermined resource from a remote location. This remote access system is based on ISO (International Organization for Standardization) / IEC (International Electrotechnical Commission) 9594-8, or ITU-TX. By performing authority management using an attribute certificate (AC) based on 509, when performing remote access, not only entities such as the device itself that accesses the resource, but also authority for each resource to be accessed Control in units can be easily performed. In addition, when using an attribute certificate, this remote access system sends and receives the attribute certificate between the resource and a device that attempts to access the resource via a gateway that is the entrance of the network to which the resource belongs. By doing this, it is possible to check the route of sending the attribute certificate and improve the security.
[0013]
First, prior to the description of the remote access system, an outline of a public key certificate (PKC), which is an electronic certificate used in the remote access system, and the attribute certificate described above will be described.
[0014]
First, the public key certificate will be described. The public key certificate is issued by a certificate authority (CA) or issuer authority (IA) which is an independent predetermined third party in the so-called public key cryptosystem.
[0015]
Here, the public key cryptosystem will be described. In the public key cryptosystem, the sender and receiver have different keys, one key is a public key that can be used by an unspecified user, and the other key is a secret key that keeps it secret. Unlike the so-called common key cryptosystem, which uses a common key for encryption and decryption, the public key cryptosystem is compared with the common key cryptosystem because a specific one person has a secret key that needs to be kept secret. This is advantageous for key management. A typical public key cryptosystem is a so-called RSA (Rivest-Shamir-Adleman) cipher. This RSA cipher utilizes the difficulty of prime factorization processing of a product of two very large prime numbers of about 150 digits, for example.
[0016]
Public key cryptography is a method that allows a public key to be used by an unspecified number of users, and a method using a public key certificate is widely used to prove whether or not a public key to be distributed is valid. It is used. For example, in the public key cryptosystem, a public key and a private key paired by a specific user A are generated, and the generated public key is sent to a certificate issuing certificate authority to obtain a public key certificate The public key certificate is made public. On the other hand, an unspecified user acquires a public key through a predetermined procedure based on a public key certificate, encrypts a plain text document, etc., and sends it to a specific user A. Then, the user A performs processing such as decrypting an encrypted document sent from an unspecified user using a secret key. The public key encryption method is such an encryption method.
[0017]
In public key cryptography, user A adds a signature to a plain text document using a secret key, and an unspecified user passes a predetermined procedure based on a public key certificate to obtain a public key. It is possible to obtain and verify the signature. For example, in the public key cryptosystem, when the certificate issuing certificate authority refers to the public key certificate to determine the public key, an arbitrary plain text document or the like is sent to the user A and encrypted using the private key. And send it back again. The certificate issuing certificate authority can verify the validity of the signature by decrypting the encrypted document sent from the user A using the public key.
[0018]
A public key certificate in such a public key cryptosystem is submitted by the certificate issuing CA to the certificate issuing CA by submitting information, public key, etc. for the user as an administrator to identify himself / herself. It is created by adding information for identifying the certificate issuing certificate authority, information such as the expiration date, and adding a signature by the certificate issuing certificate authority.
[0019]
Specifically, the public key certificate has a format as shown in FIGS. In the figure, items for each field constituting the public key certificate and explanations for these items are described.
[0020]
The version (version) shown in FIG. 1 is a field for describing version information of the format of the public key certificate. For example, when the format is version 3, “2” indicating version 3 is described.
[0021]
The serial number is a field that describes the serial number of the public key certificate set by the certificate issuing certificate authority, and describes, for example, a sequential number.
[0022]
The signature algorithm identifier and algorithm parameter (signature algorithm Identifier algorithm parameters) are fields describing information for identifying the signature algorithm of the public key certificate and its parameters. As the signature algorithm, for example, there is elliptic curve encryption or RSA encryption. When elliptic curve encryption is applied as the signature algorithm, parameters and key lengths are described as algorithm parameters, and RSA encryption is applied as the signature algorithm. If it is, the key length is described as an algorithm parameter.
[0023]
The issuer (issuer) is a field described in a format (Distinguished Name) that makes it possible to identify the name of the issuer of the public key certificate, that is, the certificate issuing certificate authority.
[0024]
The validity period (validity) is a field that describes a start date and time (not Before) and an end date and time (not After), which are validity periods of the public key certificate.
[0025]
The subject (subject) is a field that describes the name of an authentication subject who is a user. For example, an identifier of a user device or an identifier of a service provider is described.
[0026]
The subject public key information (subject public key information subject public key) is a field that describes a key algorithm as the user's public key information and the key information itself. Examples of the key algorithm include elliptic curve cryptography and RSA cryptography. .
[0027]
Each of these fields is a field included in the public key certificate format version 1 or later version, and each field shown below is a field added to version 3 version.
[0028]
The certificate authority key identifier (authority key identifier-key identifier, authority Cert Issuer, authority Cert Serial Number) is information for identifying the key for verifying the signature of the certificate issuing certificate authority, and is a key identification number in octal notation. The field describes the name of the certificate issuing certificate authority in the general name format and the authentication number.
[0029]
The subject key identifier is a field describing an identifier for identifying each key when a plurality of keys are proved in a public key certificate.
[0030]
The key usage (key usage) is a field for specifying the purpose of use of the key. (0) Digital signature (1) Digital signature (1) Non-repudiation (2) Key encryption (Key Encipherment), (3) Message encryption (data Encipherment), (4) Common key distribution (key Agreement), (5) Authentication signature verification (key Cert Sign), (6) Revocation list Use for signature verification (CRL Sign), (7) key agreement (key agreement) only for data encryption (encipher only), and (8) key exchange only for decryption (decipher only) The purpose is set.
[0031]
Private key usage period (private key usage period) is a field that describes the start date and time (not Before) and end date and time (not After), which are the expiration dates of the private key that the user has. By default, the public key certificate The expiration date, the expiration date of the public key, and the expiration date of the secret key are the same.
[0032]
The certificate authority policy (Certificate Policy) shown in FIG. 2 is a field that describes the certificate issuing policy of the certificate issuing certificate authority. For example, a policy ID (policy identifier) or authentication standard (compliant with ISO / IEC 9834-1) policy Qualifiers).
[0033]
Policy Mappings is a field that is described only when authenticating a certificate issuing certificate authority. The policy of the certificate issuing certificate authority that issues the certificate (issuer Domain Policy) and the subject policy (subject) Specify mapping with Domain Policy.
[0034]
“Supported Algorithms” is a field for defining attributes of the directory (X.500). The support algorithm is used to notify the attribute in advance when a communication partner uses directory information.
[0035]
The subject alternative name (subject Alt Name) is a field that describes a user alternative name in a general name format.
[0036]
The issuer alias (issuer Alt Name) is a field that describes an alias of the certificate issuer.
[0037]
A subject directory attribute (subject Directory Attributes) is a field describing arbitrary attributes of a user.
[0038]
The basic constraints (basic constraints) is a field for distinguishing whether the public key to be certified is for the signature of the certificate issuing certificate authority or the user.
[0039]
The permitted subtree constraint name (name Constraints permitted Subtrees) is a field indicating the valid area of the public key certificate used only when the person to be authenticated is a certificate issuing certificate authority.
[0040]
The constraint policy (policy Constraints) is a field describing a restriction that requires a clear authentication policy ID or prohibition policy map for the rest of the authentication path.
[0041]
CRL reference point (Certificate Revocation List Distribution Points) is a field that describes a revocation list reference point for confirming whether or not this public key certificate has been revoked when the user uses the public key certificate. It is.
[0042]
The signature is a signature field of a public key certificate issuer, that is, a certificate issuing certificate authority. An electronic signature is data generated by applying a so-called hash function to the entire public key certificate and encrypting this hash value with the private key of the certificate issuing certificate authority. is there.
[0043]
The Certificate Issuing Certification Authority issues a public key certificate in such a format, updates the public key certificate that has expired, and creates a list of fraudsters for rejecting fraudulent users. Create, manage, and distribute, that is, revocation. Further, the certificate issuing certificate authority also generates a public key and a private key as necessary.
[0044]
On the other hand, a user who uses this public key certificate verifies the electronic signature of the public key certificate using the public key of the certificate issuing certificate authority that he / she owns. A public key is obtained based on the certificate, and this public key can be used. Therefore, all users who use the public key certificate need to acquire whether they have the public key of the certificate issuing certificate authority that issued the public key certificate.
[0045]
In the remote access system, each public entity holds such a public key certificate as will be described later.
[0046]
Next, the attribute certificate will be described. The attribute certificate is issued by an attribute authority (AA) which is a local organization different from the certificate issuing certificate authority.
[0047]
The attribute certificate has a format as shown in FIGS. In the figure, items for each field constituting the attribute certificate and explanations for these items are described.
[0048]
The version (version) shown in FIG. 3 is a field that describes version information of the format of the attribute certificate. For example, when the format is version 2 (1), “1” indicating version 2 (1) is described. Is done.
[0049]
The holder is a field for specifying the owner of the public key certificate to which the attribute certificate is linked. The holder includes the issuer name (issuer) of the public key certificate possessed by the owner of the attribute certificate, and the serial number of the public key certificate possessed by the owner of the attribute certificate as the base certificate ID. (Serial) describes a unique identifier (issuer UID) for identifying the issuer of the public key certificate possessed by the owner of the attribute certificate. The holder describes the name of the owner of the attribute certificate that is the same as the subject or subject alternative name (subject Alt Name) in the public key certificate. Furthermore, assuming that the attribute certificate is not linked to identification information (identity) or public key certificate in the future, for example, the object digest information (object Digest Info) in which the hash of the public key is described is included in the holder. ) Is described.
[0050]
The issuer (issuer) is a field for designating information of an issuer who has signed the attribute certificate.
[0051]
The signature is a field describing an identifier for identifying an algorithm used to validate the signature of the attribute certificate.
[0052]
The serial number is a field that describes a serial number that the attribute authority assigns to each attribute certificate.
[0053]
The attribute certificate validity period (attr Cert Validity Period) is a field that describes a start date and time (not Before) and an end date and time (not After) that are the validity period of the attribute certificate.
[0054]
The attributes shown in FIG. 4 are fields that describe information related to the privileges of the owner of the attribute certificate. For example, an object to which access is permitted by text may be described, and prepared by the system side. A code that can be accessed may be described, or a key for encrypting a certain plaintext may be described. For example, the attribute includes authentication information (Service Authentication Information) related to a service used when the attribute certificate verifier authenticates the owner of the attribute certificate, and the attribute certificate used by the attribute certificate verifier. Access permission information of the owner (Access Identity), information for identifying the owner of the attribute certificate for charging (Charging Identity), and information indicating the attribution relationship of the owner of the attribute certificate to the group (Group) In addition, information (Role) indicating the role given to the owner of the attribute certificate and information (Clearance) regarding permission to use the secret information for the owner of the attribute certificate are described.
[0055]
The issuer unique identifier (issuer Unique ID) is a field used when specified by the public key certificate of the issuer of the attribute certificate.
[0056]
Extension information is a field that describes attribute certificate information, not attribute certificate owner information, and the server and / or service administrator audits the attribute certificate owner to verify fraud. Information used for detection, that is, identification (Audit Identity), information indicating the server and / or service targeted by the attribute certificate (AC Targeting), and signature verification of the attribute certificate by the verifier of the attribute certificate Information indicating the key information (Authority Key) of the issuer of the attribute certificate, which is auxiliary information, and URI (Uniform Resource Identifiers) of the OCSP responder, which is auxiliary information for checking the revocation status of the attribute certificate by the verifier of the attribute certificate (Authority Information Access), indicates the URI of the CRL (Certificate Revocation List) distribution point, which is auxiliary information for checking the revocation status of the attribute certificate by the verifier of the attribute certificate Information (CRL Distribution), information indicating that there is no revocation information corresponding to the attribute certificate (No Revocation), entity that can be used when the submitter is other than the owner and can submit the attribute certificate Information (Proxy Info) to be indicated is described.
[0057]
The signature (signature value) is a field describing a signature attached by the attribute certificate authority.
[0058]
In the remote access system, as will be described later, by holding an attribute certificate having such a format in each entity, it is possible to verify what authority is granted to a certain entity.
[0059]
The remote access system is constructed using the public key certificate and attribute certificate as described above.
[0060]
A remote access system using these public key certificates and attribute certificates will be described below.
[0061]
First, the concept of the remote access system will be described. Here, for convenience of explanation, various information home appliances provided in the home, various information processing terminals such as personal computers, or server devices are targeted for access, and mobile phones and portable information terminals are connected to these devices. A description will be given assuming that a user having a portable device such as (Personal Digital Assistants; PDA) accesses from outside.
[0062]
The remote access system is an ITU-T (International Telecommunication Union-Telecommunication sector). By a privilege proxy function using an attribute certificate, which is one of PMI (Privilege management Infrastructure) functions defined in 509, control is performed in units of privileges for each resource to be accessed.
[0063]
Here, the authority proxy function will be described with reference to FIG.
[0064]
As shown in the figure, an authority asserting server AS that asserts the authority of the client CL is interposed between the client CL that holds the attribute certificate AC and the authority verifying server VR that verifies the authority of the client CL. Think of a system to do.
[0065]
In this case, when the client CL tries to access the authority verifying server VR, the client CL presents the attribute certificate AC to the authority claiming server AS, and the authority claiming server AS responds accordingly. The attribute certificate AC presented from the client CL is presented to the authority verification side server VR.
[0066]
However, in this case, since the attribute certificate AC presented by the authority claiming server AS is not the attribute certificate of the authority claiming server AS, the authority verification server VR returns a verification result indicating that access is not permitted. Will be put out. That is, in such a system, since authority is claimed and verified between devices that directly exchange attribute certificates, the client CL will assert its own authority to the authority verifying server VR. In this case, it is necessary to present the attribute certificate AC directly from the client CL to the authority verification server VR.
[0067]
Therefore, in such a system, the proxy information (Proxy Info) in the extension information (extensions) shown in FIG. 4 is used. As described above, this proxy information is used when the attribute certificate submitter is other than the owner, and is information indicating an entity that can submit the attribute certificate.
[0068]
Therefore, in such a system, when the client CL tries to access the authority verification server VR, the proxy information indicating that the authority verification server VR is included as an entity that can submit the attribute certificate is provided. The described attribute certificate AC is presented to the authority claiming server AS. In response, the authority claiming server AS sends the attribute certificate AC presented from the client CL to the authority verification server VR. Present.
[0069]
Thereby, the authority verification server VR verifies the attribute certificate AC with reference to the proxy information in the attribute certificate AC presented from the authority asserting server AS, and outputs a verification result indicating that access is permitted. Is possible.
[0070]
As described above, in the system in which the authority claiming server AS that asserts the authority of the client CL is interposed between the client CL that holds the attribute certificate AC and the authority verifying server VR that verifies the authority of the client CL. By describing the submission destination of the attribute certificate AC in the proxy information, the client CL can access the authority verification side server VR.
[0071]
The remote access system uses such an authority proxy function. Conceptually, as shown in FIG. 6, the remote access system includes a certificate issuing certificate authority CA that issues the public key certificate described above, an attribute certificate authority AA that issues the attribute certificate described above, and an access authority. Target target device 10 ₁ , 10 ₂ And these target devices 10 ₁ , 10 ₂ Home gateway 20 that is an interface for mutually connecting a home network to which the device belongs and another network, and target device 10 ₁ , 10 ₂ The mobile device 30 possessed by the user in order to access is provided as an entity.
[0072]
The certificate issuing certificate authority CA is an independent predetermined third party in the public key cryptosystem, and is ISO / IEC 9594-8 or ITU-T X.264. A public key certificate which is an electronic certificate based on 509 is issued. Specifically, the certificate issuing certificate authority CA creates a public key certificate PKC. _T1 , PKC _T2 , Each of the target devices 10 ₁ , 10 ₂ And public key certificate PKC _G Is issued to the home gateway 20 and the public key certificate PKC _M Is issued to the mobile device 30. Various forms of issuing this public key certificate are conceivable. For example, the target device 10 ₁ , 10 ₂ It is conceivable to embed the data as data when manufacturing the home gateway 20 and the portable device 30.
[0073]
The attribute authority AA is a local institution that is logically different from the certificate issuing authority CA, and issues an attribute certificate that is an electronic certificate used for authority management. The attribute certification authority AA is a public key certificate PKC issued to the home gateway 20 from the certificate issuing certification authority CA. _G Thus, the home gateway 20 is authenticated. Then, the attribute certificate authority AA sends the attribute certificate AC to the mobile device 30 at the first connection after the home gateway 20 crosses the user side. _P Attribute certificate AC for granting permission to issue _L Is issued to the home gateway 20. This attribute certificate AC _L Will be described in detail later.
[0074]
Target device 10 ₁ , 10 ₂ These correspond to the authority verification server VR in FIG. Target device 10 ₁ , 10 ₂ Are assumed to be, for example, various information home appliances connectable to a network, various information processing terminals such as personal computers, or server devices such as home servers, and are devices constituting a home network. Note that the resource in the present invention refers to these target devices 10 that log in, as will be described later in a specific application example. ₁ , 10 ₂ In some cases, the target device 10 ₁ , 10 ₂ Is a concept including data such as a file held by the device and other various types of information. ₁ , 10 ₂ It will be described as a resource itself. Target device 10 ₁ , 10 ₂ Are public key certificates PKC issued by a certificate issuing CA. _T1 , PKC _T2 Hold these public key certificates PKC _T1 , PKC _T2 Is used for mutual authentication with the home gateway 20. Also, the target device 10 ₁ , 10 ₂ Are attribute certificates AC transmitted when the mobile device 30 is accessed. _P Is received via the home gateway 20 and this attribute certificate AC is received. _P Perform verification.
[0075]
The home gateway 20 corresponds to the authority claiming server AS in FIG. The home gateway 20 includes a concept such as a so-called home router, firewall, and / or bridge, for example, and is a device corresponding to the entrance of a network that enables connections between networks of different protocols. ₁ , 10 ₂ Functions as an interface for mutually connecting the home network to which the network belongs and other networks. The home gateway 20 uses the public key certificate PKC issued by the certificate issuing certificate authority CA. _G Holds this public key certificate PKC _G Target device 10 using ₁ , 10 ₂ Mutual authentication is performed between the mobile device 30 and the attribute authority AA. Further, the home gateway 20 sends an attribute certificate AC to the mobile device 30. _P Attribute certificate AC for granting permission to issue _L Is issued by the attribute authority AA, this attribute certificate AC _L Holds this attribute certificate AC _L Based on the attribute certificate AC for the mobile device 30 _P Is issued. This attribute certificate AC _P Will be described in detail later. Further, the home gateway 20 uses the attribute certificate AC transmitted from the mobile device 30. _P When this attribute certificate AC is received _P The target device 10 ₁ , 10 ₂ Send to each and present.
[0076]
The portable device 30 corresponds to the client CL in FIG. The mobile device 30 is a device such as a mobile phone or a portable information terminal owned by a user who is outdoors, and can be connected to the home gateway 20 via a non-secure network NT such as the so-called Internet. The portable device 30 is a public key certificate PKC issued by a certificate issuing certificate authority CA. _M Holds this public key certificate PKC _M Is used for mutual authentication with the home gateway 20. Moreover, the portable device 30 is the target device 10 as a resource. ₁ , 10 ₂ Attribute certificate for authenticating access to each _P Is issued by the home gateway 20, this attribute certificate AC _P Is stored in an IC (Integrated Circuit) card or the like. And the portable device 30 is the target device 10. ₁ , 10 ₂ Attribute certificate AC stored in an IC card or the like when attempting to access each of the _P This attribute certificate AC is obtained by performing a login operation using _P Is sent to the home gateway 20 and presented.
[0077]
In such a remote access system, as described above, two attribute certificates AC _L , AC _P Is used.
[0078]
First, attribute certificate AC _L Will be described.
[0079]
Attribute certificate AC _L As described above, the attribute certificate AC is sent to the mobile device 30. _P Is issued to the home gateway 20 from the attribute certification authority AA. For example, this attribute certificate AC _L Includes an object ID (OID) registered as a type in FIG. 7 and excerpts of examples of values, and among the fields in the attributes shown in FIG. _L Using the information (Role) indicating the role given to the home gateway 20 as the owner of the attribute certificate AC for the mobile device 30 _P It is possible to describe information indicating that permission is granted to be issued.
[0080]
Here, the concept of “Role” will be described.
[0081]
The method of authority management using the concept of “Role” is described in Japanese Patent Application No. 2002-029636 filed earlier by the present applicant.
[0082]
That is, in this authority management method, conceptually, for example, as shown in FIG. ₁₁ , AU ₁₂ , ..., AU ₂₁ , AU ₂₂ A single role (role) is defined as a framework for defining predetermined authority such as. ₁ , R ₂ For example, individual M ₁ , M ₂ , M ₃ At least one person such as this role R ₁ , R ₂ It belongs to.
[0083]
In this authority management method, each individual M ₁ , M ₂ , M ₃ Each of the attribute certificates possessed by ₁ , M ₂ , M ₃ A role assignment certificate RAAC in which information indicating a role to which the user belongs is issued by the attribute authority AA and is an attribute certificate issued for each role. A role specification certificate RSAC in which information indicating the authorized authority is described is issued by a role authority RA. The role certification authority RA may be the same as the attribute certification authority AA, but here it is assumed that it is a logically independent organization for convenience of explanation.
[0084]
In this authority management method, the role definition certificate RSAC issued by the role certification authority RA is used for the definition of each role. That is, in this authority management method, a permitted procedure is defined for each role, but this information is described in the role definition certificate RSAC issued by the role certification authority RA.
[0085]
This role definition certificate RSAC is created according to the format of the attribute certificate shown in FIGS. 3 and 4, and at least the name of the role certification authority RA that is the issuer of the role definition certificate RSAC. Various information such as information indicating role, role information such as a role name for identifying a role, information indicating a code or operation name and information indicating an allowed operation are described by the system.
[0086]
In the remote access system, the attribute certificate AC for the mobile device 30 is used. _P A role definition certificate RSAC in which various information including information indicating that permission to issue is given is issued by the role certification authority RA, and the authority AU ₁₁ , AU ₁₂ , ..., AU ₂₁ , AU ₂₂ ,..., That is, the target device 10 in FIG. ₁ , 10 ₂ Holds this role definition certificate RSAC.
[0087]
On the other hand, in this authority management method, the role assignment certificate RAAC issued by the attribute certificate authority AA is used for the role assignment to each role. That is, in this authority management technique, the individual M ₁ , M ₂ , M ₃ Each role is defined for each, and this information is described in the role assignment certificate RAAC issued by the attribute authority AA.
[0088]
This role assignment certificate RAAC is created according to the format of the attribute certificate shown in FIGS. 3 and 4 in the same manner as the role definition certificate RSAC. Information indicating the name of the attribute certification authority AA as an issuer, role information such as a role name for identifying the role, and a reference point to the role definition certificate RSAC for associating with the corresponding role definition certificate RSAC Various information such as information indicating the name of the role certification authority RA as information is described.
[0089]
In the remote access system, the role assignment certificate RAAC in which such various information is described is the attribute certificate AC. _L Issued by Attribute Certification Authority AA ₁ , M ₂ , M ₃ That is, in FIG. 6 shown above, the home gateway 20 holds the role assignment certificate RAAC.
[0090]
In the remote access system, the attribute certificate AC is given to the mobile device 30 by using such a concept of “Role”. _P Attribute certificate AC describing information indicating that permission to issue _L Can be issued to the home gateway 20 by the attribute certificate authority AA. Thus, in the remote access system, this attribute certificate AC _L Attribute certificate AC by home gateway 20 holding _P Can be issued to the mobile device 30.
[0091]
In the remote access system, the attribute certificate AC for the mobile device 30 is used. _P Attribute certificate AC indicating that permission to issue _L The attribute certificate AC _L Rather than using information (Role) indicating the role given to the home gateway 20 as the owner of the attribute certificate, the verifier of the attribute certificate among the fields in the attributes shown in FIG. The authentication information (Service Authentication Information) related to the service used to authenticate the owner, the access permission information (Access Identity) of the owner of the attribute certificate used by the attribute certificate verifier, etc. Can also be described.
[0092]
In the remote access system, the attribute certificate AC is used by using the authority delegation extension. _P You may make it control the object and authority which issue. For example, in the remote access system, the attribute certificate AC is sent to the home gateway 20 from the mobile device 30 using the Basic Attribute Constraints extension. _P It can be considered that the home gateway 20 is set not to permit authority delegation.
[0093]
As described above, in the remote access system, the attribute certificate AC is supplied to the mobile device 30. _P There are various methods for giving the home gateway 20 permission to issue the password.
[0094]
Next, attribute certificate AC _P Will be described.
[0095]
Attribute certificate AC _P Describes the authority for a device or user holding a certain public key certificate. Here, the public key certificate PKC _M As an authority for the portable device 30 that holds the target device 10 as a resource ₁ , 10 ₂ The information to permit access to each of these is described. For example, this attribute certificate AC _P Includes the attribute certificate AC among the fields in the attributes shown in FIG. _P Target device 10 as verifier ₁ , 10 ₂ Each of the attribute certificate AC _P Authentication information (Service Authentication Information) related to the service used when authenticating the owner _P Target device 10 as verifier ₁ , 10 ₂ The attribute certificate AC used by each _P If there is an access target, an accessible operation (authority), and authentication information for access using the access permission information (Access Identity) of the owner, the authentication information can be described. Also, attribute certificate AC _P 9 includes an object ID (OID) registered as a type in FIG. 9 and an excerpt of an example of critical or value. Among the fields in the extension information (extensions) shown in FIG. (Proxy Info), the attribute certificate AC _P Information of the home gateway 20 that passes through is described.
[0096]
Here, the proxy information is specifically described as shown in FIG.
[0097]
Attribute certificate AC _P Describes the address and identifier for identifying the home gateway 20 as a target in such proxy information, and the public key certificate PKC held by the home gateway 20 _G Is described.
[0098]
As described above, in the remote access system, as the authority for the mobile device 30, the target device 10 as a resource is used. ₁ , 10 ₂ Attribute certificate AC in which information for permitting access to each of the gateways 20 is described and information on the home gateway 20 is described as proxy information. _P Can be issued from the home gateway 20 to the portable device 30. Thus, in the remote access system, the target device 10 ₁ , 10 ₂ Respectively, this attribute certificate AC _P Is received via the home gateway 20, the target in the proxy information is verified and the attribute certificate transmitted from the home gateway 20 is verified.
[0099]
Now, in such a remote access system, specifically, as shown in FIG. 11, when a preparation phase P1 for constructing the remote access system is performed, an arbitrary portable device is accessed for a resource. A registration phase P2 for registering as a device to be performed is performed. Thus, in the remote access system, the registered mobile device can perform any operation, and when the mobile device actually performs any operation, the access phase P3 is performed. In the remote access system, if necessary, an access deletion phase P4 for excluding any portable device from a device accessing the resource, or an access changing phase for changing the authority of any portable device. P5 is performed.
[0100]
Hereinafter, each of these five phases will be described.
[0101]
First, the preparation phase P1 will be described.
[0102]
In the remote access system, as a preparation phase P1 for constructing the remote access system, a public key for authentication is issued to each entity by the certificate issuing certificate authority CA so that the entities can perform mutual authentication. Issue a certificate. That is, in the remote access system, as described above, the public key certificate PKC is issued by the certificate issuing certificate authority CA at the time of manufacturing each entity. _T1 , PKC _T2 , Each of the target devices 10 ₁ , 10 ₂ And public key certificate PKC _G Is issued to the home gateway 20 and the public key certificate PKC _M Is issued to the mobile device 30.
[0103]
The remote access system is constructed in such a state that each entity can mutually authenticate through such a preparation phase P1.
[0104]
Next, the registration phase P2 will be described.
[0105]
In the remote access system, the steps shown in FIG. 12 are performed as a registration phase P2 for registering the portable device 30 as an arbitrary portable device as a device that accesses a resource.
[0106]
First, in the remote access system, as shown in the figure, in step S1, the attribute certificate authority AA issues the certificate in the preparation phase P1 and holds it in the home gateway 20. Public key certificate PKC _G Are used to perform mutual authentication with the home gateway 20. This mutual authentication is authentication for the home gateway 20 itself, and is for authenticating whether or not the home gateway 20 is valid.
[0107]
Subsequently, in the remote access system, in step S2, the attribute certificate authority AA sends the attribute certificate AC to the mobile device 30 when the home gateway 20 is connected to the user side and is connected for the first time. _P Attribute certificate AC for granting permission to issue _L Is issued to the home gateway 20. Accordingly, the home gateway 20 sends the attribute certificate AC transmitted from the attribute certification authority AA. _L Hold.
[0108]
Subsequently, in the remote access system, in step S3, according to an instruction from the user by the home gateway 20, a connected device, that is, the target device 10 is connected. ₁ , 10 ₂ Are registered, and the target device 10 is registered. ₁ , 10 ₂ The attribute certificate AC describing the proxy information described above for the portable device 30 that may be remotely accessed _P Is issued.
[0109]
Subsequently, in the remote access system, in step S4, the public key certificate PKC issued and held by the certificate issuing certificate authority CA in the above-described preparation phase P1 by the portable device 30. _M Are used to perform mutual authentication with the home gateway 20.
[0110]
In the remote access system, the attribute certificate AC transmitted from the home gateway 20 by the portable device 30 in step S5. _P Is stored and held in an IC card or the like, and a series of registration phases P2 is completed.
[0111]
In the remote access system, the portable device 30 can be registered as a device for accessing the resource by performing the registration phase P2 including such a series of steps. In the remote access system in which the mobile device 30 that accesses the resource is registered in this way, the registered mobile device 30 can perform any operation.
[0112]
Next, the access phase P3 will be described.
[0113]
In the remote access system, when the registered mobile device 30 accesses the resource, the process shown in FIG. 13 is performed as the access phase P3.
[0114]
First, in the remote access system, as shown in the figure, the public key certificate PKC held by the portable device 30 in step S11. _M Are used to perform mutual authentication with the home gateway 20.
[0115]
Subsequently, in the remote access system, the attribute certificate AC held by the portable device 30 in step S12. _P Is sent to the home gateway 20 and presented.
[0116]
Accordingly, in the remote access system, the attribute certificate AC presented from the portable device 30 by the home gateway 20 in step S13. _P Based on the content of the attribute certificate AC _P , A device designated as an access target, that is, the target device 10 ₁ , 10 ₂ Send to either or both.
[0117]
Subsequently, in the remote access system, in step S14, the target device 10 ₁ , 10 ₂ Attribute certificate AC transmitted from the home gateway 20 by either or both of _P The attribute certificate AC, such as the proxy information and attributes described above. _P Verify the contents of.
[0118]
In the remote access system, in step S15, the attribute certificate AC _P If the verification result is valid, in step S16, the target device 10 ₁ , 10 ₂ The access of the portable device 30 is permitted by either or both of the above, and the series of access phases P3 is completed. On the other hand, in the remote access system, in step S15, the attribute certificate AC _P If the verification result is invalid, in step S17, the target device 10 ₁ , 10 ₂ The access of the portable device 30 is denied by either or both of the above, and the series of access phases P3 is terminated.
[0119]
In the remote access system, the target device 10 is obtained through an access phase P3 composed of such a series of steps. ₁ , 10 ₂ Thus, the authority of the mobile device 30 can be determined, and the mobile device 30 permitted to access can perform any operation.
[0120]
Next, the access deletion phase P4 will be described.
[0121]
In the remote access system, when it is desired to exclude any portable device from the device that accesses the resource, the process shown in FIG. 14 is performed as the access deletion phase P4.
[0122]
First, in the remote access system, as shown in the figure, in step S21, the target device 10 is instructed by the home gateway 20 in accordance with an instruction from the user. ₁ , 10 ₂ Attribute certificate AC issued to portable device 30 that may be remotely accessed _P Create a CRL (ACRL) for and hold this CRL (ACRL).
[0123]
Thus, in the remote access system, the attribute certificate AC _P By creating a CRL (ACRL) for the mobile gateway 30, if the mobile device 30 accesses the home gateway 20, the home gateway 20 can deny access, and the mobile device 30 is accessed for resources. Can be excluded from the device. In particular, the remote access system uses the attribute certificate AC when there is a loan from the mobile device 30 among a plurality of users or when the mobile device 30 is lost due to circumstances of the mobile device 30. _P Only by creating a CRL (ACRL) for the mobile device 30, the mobile device 30 can be excluded from devices that access the resource.
[0124]
However, in the remote access system, by repeatedly performing such an operation, the size of the CRL (ACRL) increases, which may cause inconvenience in handling.
[0125]
Therefore, in the remote access system, when a legitimate user wants to exclude the mobile device 30 from the device accessing the resource by his / her own intention, the following steps S22 to S24 are performed following the processing of step S21. You may make it perform the process of.
[0126]
That is, in the remote access system, the public key certificate PKC held by the portable device 30 in step S22. _M Are used to perform mutual authentication with the home gateway 20.
[0127]
Subsequently, in the remote access system, the attribute certificate AC held by the portable device 30 in accordance with an instruction from the home gateway 20 in step S23. _P Is deleted.
[0128]
In the remote access system, in step S24, the home gateway 20 deletes the CRL (ACRL) created in step S21, and the series of access deletion phase P4 ends.
[0129]
In the remote access system, the portable device 30 can be excluded from the devices that access the resource through the access deletion phase P4 including such a series of steps.
[0130]
Finally, the access change phase P5 will be described.
[0131]
In the remote access system, when it is desired to change the authority of an arbitrary portable device, the process shown in FIG. 15 is performed as the access change phase P5.
[0132]
First, in the remote access system, as shown in the figure, in step S31, a new attribute certificate AC in which proxy information is described for the mobile device 30 in accordance with an instruction from the user by the home gateway 20 is shown. _P Issue.
[0133]
Subsequently, in the remote access system, the public key certificate PKC held by the portable device 30 in step S32. _M Are used to perform mutual authentication with the home gateway 20.
[0134]
In the remote access system, the new attribute certificate AC transmitted from the home gateway 20 by the portable device 30 in step S33. _P The original attribute certificate AC _P Is replaced and stored in an IC card or the like, and a series of access change phase P5 is completed.
[0135]
In the remote access system, the authority of the portable device 30 can be changed through the access change phase P5 including such a series of steps. Accordingly, in the remote access system, the mobile device 30 can perform a new arbitrary operation.
[0136]
As described above, the remote access system uses the attribute certificate AC describing the proxy information. _P Permission management can be performed using.
[0137]
Now, an application example in which such a remote access system is specifically applied will be described below. In addition, as described above, the resource in the present invention may be a device that logs in itself, and is a concept including data such as a file held by these devices and other various information. Specific examples of these resources are also mentioned.
[0138]
First, as an application example of a remote access system, there is a data access system that performs remote access to data held by an information processing terminal such as a home server or a personal computer.
[0139]
In this data access system, data held by a home server or information processing terminal is a resource, and an operation performed by a user using a portable device is data access to the home server or information processing terminal holding the data.
[0140]
In such a data access system, an attribute certificate AC describing appropriate proxy information by the home gateway. _P Is issued to the mobile device, and when the mobile device accesses the data, the attribute certificate AC _P Is presented to the home server or information processing terminal via the home gateway. Thereby, in the data access system, it becomes possible to access the data via the home gateway using the portable device.
[0141]
Thus, the remote access system can be applied to a data access system for data held by an information processing terminal such as a home server or a personal computer.
[0142]
As another application example of the remote access system, there is an information acquisition system by image capturing using a home appliance camera.
[0143]
In order to explain specifically, consider an information acquisition system that acquires, for example, the inventory of a refrigerator in the home as information. In this information acquisition system, the image inside the refrigerator becomes a resource, and the operation performed by the user using the portable device is the inventory check of the refrigerator by browsing the acquired image.
[0144]
In such an information acquisition system, the attribute certificate AC describing appropriate proxy information by the home gateway. _P Is issued to the portable device, and when the portable device accesses the refrigerator in which the home appliance camera is mounted, the attribute certificate AC _P To the refrigerator via the home gateway. Thereby, in the information acquisition system, even when the user is out, the home appliance camera is operated via the home gateway using the portable device possessed by the user, and the image inside the refrigerator is acquired. Is possible.
[0145]
In this way, the remote access system can be applied to an information acquisition system by image shooting using a home appliance camera.
[0146]
Furthermore, as another application example of the remote access system, there is an information acquisition system by photographing an image at an arbitrary place.
[0147]
To explain specifically, consider an information acquisition system that authenticates whether or not a member is a member by acquiring an image of a member card for proving that the member is a predetermined member. In this information acquisition system, an image of a member card in an arbitrary place such as a home becomes a resource, and an operation performed by a user using a portable device is a member by having the member card certifier view the image. Prove that.
[0148]
In such an information acquisition system, the attribute certificate AC describing appropriate proxy information by the home gateway. _P Is issued to the mobile device, and when the mobile device accesses the camera that shoots the membership card, the attribute certificate AC _P To the camera via the home gateway. Thereby, in the information acquisition system, even when the member card is not in the user's hand, the user operates the camera via the home gateway using the portable device possessed by the user to acquire the member card image. Is possible.
[0149]
As described above, the remote access system can be applied to an information acquisition system by photographing an image at an arbitrary place.
[0150]
Furthermore, as another application example of the remote access system, there is a home appliance operation system that performs home appliance operation by remote operation from outside.
[0151]
In order to explain specifically, for example, consider a home appliance operation system that performs an on / off operation of an air conditioner device in a home. In this home appliance operation system, the air conditioner device itself becomes a resource, and an operation performed by the user using the portable device is an access to a remote controller for remotely operating the air conditioner device as this resource.
[0152]
In such home appliance operation system, attribute certificate AC describing appropriate proxy information by the home gateway. _P Is issued to the mobile device, and when the mobile device accesses the remote controller, the attribute certificate AC _P Is presented to the remote controller via the home gateway. As a result, in the home appliance operation system, even when the user is out, the remote controller is operated via the home gateway using the portable device owned by the user, and the air conditioner device is turned on / off. The operation can be performed.
[0153]
Thus, the remote access system can be applied to a home appliance operation system that performs home appliance operations by remote operation from the outdoors.
[0154]
As described above, the remote access system shown as the embodiment of the present invention has the attribute certificate AC in which the proxy information is described. _P By performing authority management using, the target device 10 as a resource from the portable device 30 ₁ , 10 ₂ When performing remote access to each of the target devices 10 ₁ , 10 ₂ Control can be easily performed for each authority.
[0155]
This remote access system also uses the attribute certificate AC _P When using the target device 10 as a resource ₁ , 10 ₂ Through the home gateway 20 serving as the entrance to the network to which each belongs. ₁ , 10 ₂ Attribute certificate AC between each _P Attribute certificate AC _P Since the sending route is determined uniquely, the attribute certificate AC _P Can be confirmed and the security can be improved.
[0156]
The present invention is not limited to the embodiment described above. For example, in the above-described embodiment, the target device 10 to be accessed. ₁ , 10 ₂ The home gateway 20 serving as the entrance to the home network to which the _P However, the present invention is not limited to the attribute certificate AC. _P The home gateway 20 is not limited to the entity that issues _P Depending on the contents of the attribute certificate AC _P As long as it has a function of presenting to an appropriate presentation destination.
[0157]
As an example of this, an attribute certificate AC issued by a home gateway as an entrance to a network _P A remote access system for accessing resources belonging to other networks will be described using FIG.
[0158]
As shown in FIG. 16, this remote access system conceptually has a target device 10 belonging to the first home network. ₁ , 10 ₂ And these target devices 10 ₁ , 10 ₂ 20 as a gateway to the entrance of the first home network to which the ₁ And target device 10 ₁ , 10 ₂ Mobile device 30 possessed by the user for accessing ₁ And the target device 10 belonging to a second home network different from the first home network ₃ And this target device 10 ₃ 20 as a gateway to the second home network to which the ₂ And target device 10 ₃ Mobile device 30 possessed by another user to access ₂ Although not shown, the certificate issuing authority CA and the attribute authority AA are provided as entities.
[0159]
That is, in this remote access system, the system as shown in FIG. 6 configured by the first home network and the similar system configured by the second network such as other houses coexist. It is what.
[0160]
Target device 10 ₁ , 10 ₂ Are devices constituting the first home network, and are public key certificates PKC issued by a certificate issuing certificate authority CA (not shown). _T1 , PKC _T2 Hold these public key certificates PKC _T1 , PKC _T2 Use home gateway 20 ₁ Mutual authentication with Also, the target device 10 ₁ , 10 ₂ Are respectively mobile devices 30. ₁ Attribute certificate AC sent when accessing _P1 Home gateway 20 ₁ This attribute certificate AC received via _P1 Perform verification.
[0161]
Home gateway 20 ₁ Is the target device 10 ₁ , 10 ₂ Functions as an interface for mutually connecting the first home network to which the network belongs and other networks. Home gateway 20 ₁ Is a public key certificate PKC issued by a certificate issuing CA (not shown) _G1 Holds this public key certificate PKC _G1 Target device 10 using ₁ , 10 ₂ , Portable device 30 ₁ And mutual authentication with an attribute certification authority AA (not shown). Home gateway 20 ₁ The mobile device 30 ₁ Attribute certificate AC _P1 Attribute certificate AC for granting permission to issue _L1 Is issued by an attribute certificate authority AA (not shown), this attribute certificate AC _L1 Holds this attribute certificate AC _L1 Based on the mobile device 30 ₁ Attribute certificate AC _P1 Issue. Furthermore, the home gateway 20 ₁ The mobile device 30 ₁ Attribute certificate AC sent from _P1 When this attribute certificate AC is received _P1 The target device 10 ₁ , 10 ₂ Send to each and present.
[0162]
Furthermore, the home gateway 20 ₁ The attribute certificate AC will be described in detail after the information indicating the home gateway in the other network that can be accessed is described. _H Is issued by an attribute certificate authority AA (not shown), this attribute certificate AC _H Holds this attribute certificate AC _H Based on the home gateway 20 in the second home network ₂ It is possible to communicate with. Home gateway 20 ₁ This attribute certificate AC _H The home gateway 20 in the second home network ₂ To the target device 10 belonging to the second home network. ₃ Attribute certificate AC to obtain access permission for _P1 'Home gateway 20 ₂ Issued by the mobile device 30 ₁ For this attribute certificate AC _P1 Send '. And the home gateway 20 ₁ The mobile device 30 ₁ Attribute certificate AC sent from _P1 'Is received, this attribute certificate AC _P1 'The attribute certificate AC _H With home gateway 20 ₂ Send to and present. This attribute certificate AC _P1 'Will be described in detail later.
[0163]
Mobile device 30 ₁ Is usually the target device 10 belonging to the first home network. ₁ , 10 ₂ And the home gateway 20 through an insecure network NT such as the Internet. ₁ Can be connected to. Mobile device 30 ₁ Is a public key certificate PKC issued by a certificate issuing CA (not shown) _M1 Holds this public key certificate PKC _M1 Use home gateway 20 ₁ Mutual authentication with Mobile device 30 ₁ Is the target device 10 as a resource ₁ , 10 ₂ Attribute certificate for authenticating access to each _P1 Is home gateway 20 ₁ When issued by this attribute certificate AC _P1 Is stored in an IC card or the like. And portable device 30 ₁ Is the target device 10 ₁ , 10 ₂ Attribute certificate AC stored in an IC card or the like when attempting to access each of the _P1 This attribute certificate AC is obtained by performing a login operation using _P1 Home gateway 20 ₁ Send to and present.
[0164]
In addition, the mobile device 30 ₁ Is the target device 10 belonging to the second home network. ₃ Can also be targeted for access. At this time, the mobile device 30 ₁ Is the target device 10 as a resource ₃ Attribute certificate for authenticating access to _P1 'Home gateway 20 ₂ Issued by the home gateway 20 ₁ This attribute certificate AC via _P1 'Is received, this attribute certificate AC _P1 'Is stored by storing it in an IC card or the like. And portable device 30 ₁ Is the target device 10 ₃ Attribute certificate AC stored in IC card etc. when trying to access _P1 By performing login operation using ', this attribute certificate AC _P1 'Home gateway 20 ₁ Send to and present.
[0165]
Target device 10 ₃ Is a device constituting the second home network, and is a public key certificate PKC issued by a certificate issuing certificate authority CA (not shown). _T3 Holds this public key certificate PKC _T3 Use home gateway 20 ₂ Mutual authentication with Also, the target device 10 ₃ The mobile device 30 ₂ Attribute certificate AC sent when accessing _P2 Home gateway 20 ₂ This attribute certificate AC received via _P2 Perform verification. Furthermore, the target device 10 ₃ The mobile device 30 ₁ The mobile device 30 ₁ Attribute certificate AC sent when accessing _P1 'And home gateway 20 ₁ Attribute certificate AC sent by _H And the home gateway 20 ₂ These attribute certificates AC received via _P1 ', AC _H Perform verification.
[0166]
Home gateway 20 ₂ Is the target device 10 ₃ Functions as an interface for mutually connecting the second home network to which the network belongs and other networks. Home gateway 20 ₂ Is a public key certificate PKC issued by a certificate issuing CA (not shown) _G2 Holds this public key certificate PKC _G2 Target device 10 using ₃ , Portable device 30 ₂ And mutual authentication with an attribute certification authority AA (not shown). Home gateway 20 ₂ The mobile device 30 ₂ Attribute certificate AC _P2 Attribute certificate AC for granting permission to issue _L2 Is issued by an attribute certificate authority AA (not shown), this attribute certificate AC _L2 Holds this attribute certificate AC _L2 Based on the mobile device 30 ₂ Attribute certificate AC _P2 Is issued. Furthermore, the home gateway 20 ₂ The mobile device 30 ₂ Attribute certificate AC sent from _P2 When this attribute certificate AC is received _P2 The target device 10 ₃ Send to and present.
[0167]
Furthermore, the home gateway 20 ₂ The home gateway 20 ₁ To attribute certificate AC _H When this attribute certificate AC is received _H Attribute certificate AC based on _P1 'Home gateway 20 ₁ Issued against. And the home gateway 20 ₂ The home gateway 20 ₁ Mobile device 30 via ₁ Attribute certificate AC sent from _P1 'And home gateway 20 ₁ Attribute certificate AC sent from _H And these attribute certificates AC _P1 ', AC _H Target device 10 ₃ Send to and present.
[0168]
Mobile device 30 ₂ Is the target device 10 belonging to the second home network. ₃ To the home gateway 20 via a non-secure network NT such as the Internet. ₂ Can be connected to. Mobile device 30 ₂ Is a public key certificate PKC issued by a certificate issuing CA (not shown) _M2 Holds this public key certificate PKC _M2 Use home gateway 20 ₂ Mutual authentication with In addition, the mobile device 30 ₂ Is the target device 10 as a resource ₃ Attribute certificate for authenticating access to _P2 Is home gateway 20 ₂ When issued by this attribute certificate AC _P2 Is stored in an IC card or the like. And portable device 30 ₂ Is the target device 10 ₃ Attribute certificate AC stored in IC card etc. when trying to access _P2 This attribute certificate AC is obtained by performing a login operation using _P2 Home gateway 20 ₂ Send to and present.
[0169]
In such a remote access system, the above-mentioned two attribute certificates AC _L , AC _P In addition, two attribute certificates AC _H , AC _P1 'Is used.
[0170]
First, attribute certificate AC _H Will be described.
[0171]
Attribute certificate AC _H As described above, entities in other networks that can be accessed, specifically the home gateway 20. ₂ Is described, and is signed by the attribute certification authority AA (not shown) and the home gateway 20 ₁ It is issued against. For example, this attribute certificate AC _H The home gateway 20 as an entity in another network that can be accessed using the access permission information (Access Identity) among the fields in the attributes described above. ₂ Can be described.
[0172]
In a remote access system, the home gateway 20 as an entity in another network that can be accessed. ₂ Attribute certificate AC describing information indicating _H The home gateway 20 ₁ In response to a request from the home gateway 20 ₂ Can be issued by Thus, in the remote access system, this attribute certificate AC _H Home gateway 20 that holds ₁ Mobile device 30 via ₁ Is the target device 10 ₃ Can be accessed.
[0173]
Next, attribute certificate AC _P1 Explain '.
[0174]
Attribute certificate AC _P1 'Is the attribute certificate AC _P In the same way, the authority for a device or user holding a certain public key certificate is described. Here, the public key certificate PKC _M1 Mobile device 30 holding ₁ As an authority for the target device 10 as a resource belonging to the second home network ₃ The information to permit access to is described. For example, this attribute certificate AC _P1 'Is the attribute certificate AC described above for attributes _P In the same way as the authentication information (Service Authentication Information), access permission information (Access Identity), etc., if there is an access target, accessible operation (authority), and access authentication information, the authentication information Is described as proxy information (Proxy Info). _P1 Two home gateways 20 through ₁ , 20 ₂ Information such as an address and an identifier for identifying is described.
[0175]
Thus, in the remote access system, the mobile device 30 ₁ As an authority for the target device 10 as a resource belonging to the second home network ₃ The information indicating that the access is permitted is described, and the two home gateways 20 are used as proxy information. ₁ , 20 ₂ Attribute certificate AC with information on _P1 ', Home gateway 20 ₂ To home gateway 20 ₁ Mobile device 30 via ₁ Can be issued against. Thus, in the remote access system, the target device 10 ₃ Is this attribute certificate AC _P1 'Home gateway 20 ₂ The target in the proxy information, and the two home gateways 20 ₁ , 20 ₂ It will be verified that the attribute certificate is received via.
[0176]
In the remote access system, specifically, as shown in FIG. 11, the preparation phase P1, the registration phase P2, the access phase P3, the access deletion phase P4, and the access change phase P5 are performed. Is called. In the following, the mobile device 30 ₁ The target device 10 belonging to the second home network ₃ It will be described as accessing.
[0177]
First, the preparation phase P1 will be described.
[0178]
In the remote access system, as a preparation phase P1 for constructing the remote access system, a public key for authentication is issued to each entity by the certificate issuing certificate authority CA so that the entities can perform mutual authentication. Issue a certificate. That is, in the remote access system, as described above, the public key certificate PKC is issued by the certificate issuing certificate authority CA at the time of manufacturing each entity. _T1 , PKC _T2 , PKC _T3 , Each of the target devices 10 ₁ , 10 ₂ , 10 ₃ And public key certificate PKC _G1 , PKC _G2 , Respectively, for the home gateway 20 ₁ , 20 ₂ And public key certificate PKC _M1 , PKC _M2 , Respectively, for the mobile device 30 ₁ , 30 ₂ Issued against.
[0179]
The remote access system is constructed in such a state that each entity can mutually authenticate through such a preparation phase P1.
[0180]
Next, the registration phase P2 will be described.
[0181]
In the remote access system, the process shown in FIG. 17 is performed as a registration phase P2 for registering the portable device 30 as an arbitrary portable device as a device that accesses a resource.
[0182]
First, in the remote access system, as shown in the figure, in step S41, the attribute gateway is issued by the certificate issuing authority CA in the above-described preparation phase P1 by the attribute authority AA. ₁ Public key certificate PKC held in _G1 Using the home gateway 20 ₁ Mutual authentication with This mutual authentication is performed by the home gateway 20 ₁ Authentication for itself, the home gateway 20 ₁ It is for authenticating whether or not is valid.
[0183]
Subsequently, in the remote access system, in step S42, the attribute authentication authority AA performs the home gateway 20. ₁ The mobile device 30 is connected to the user side after the first connection. ₁ Attribute certificate AC _P1 Attribute certificate AC for granting permission to issue _L1 The home gateway 20 ₁ Issued against. At this time, in the remote access system, the home gateway 20 ₁ Is another home gateway 20 ₂ To access the home gateway 20 by the attribute authority AA. ₂ Attribute certificate AC with information indicating that it can be accessed _H The home gateway 20 ₁ Issued against. Accordingly, the home gateway 20 ₁ Are two attribute certificates AC transmitted from the attribute authority AA. _L1 , AC _H Hold.
[0184]
Subsequently, in the remote access system, in step S43, the home gateway 20 ₁ According to the instruction from the user, the connected device, that is, the target device 10 ₁ , 10 ₂ Are registered, and the target device 10 is registered. ₁ , 10 ₂ Each of the mobile devices 30 that may be remotely accessed ₁ Attribute certificate AC describing proxy information as described above _P1 Is issued.
[0185]
Subsequently, in the remote access system, the mobile device 30 ₁ To other home gateways 20 ₂ Via the target device 10 ₃ In step S44, the home gateway 20 is accessed. ₁ Attribute certificate AC held by _H The other home gateway 20 ₂ Attribute certificate AC that is sent and presented to and describes the proxy information described above _P1 'Is issued. Accordingly, the home gateway 20 ₂ Is the attribute certificate AC _P1 'And issue this attribute certificate AC _P1 'Home gateway 20 ₁ Send to.
[0186]
Subsequently, in the remote access system, in step S45, the mobile device 30 is used. ₁ Thus, the public key certificate PKC issued and held by the certificate issuing certificate authority CA in the preparation phase P1 described above _M1 Using the home gateway 20 ₁ Mutual authentication with
[0187]
In the remote access system, in step S46, the portable device 30 ₁ The home gateway 20 ₁ Attribute certificate AC sent from _P1 , AC _P1 'Is stored and held in an IC card or the like, and a series of registration phases P2 is completed.
[0188]
In the remote access system, the mobile device 30 is used as a device for accessing the resource through the registration phase P2 composed of such a series of steps. ₁ Can be registered. The mobile device 30 accessing the resource in this way ₁ In the registered remote access system, the registered mobile device 30 ₁ Can perform any operation.
[0189]
Next, the access phase P3 will be described.
[0190]
In the remote access system, the registered mobile device 30 ₁ When accessing the resource, the process shown in FIG. 18 is performed as the access phase P3.
[0191]
First, in the remote access system, as shown in FIG. ₁ Holds the public key certificate PKC _M1 Using the home gateway 20 ₁ Mutual authentication with
[0192]
Subsequently, in the remote access system, in step S52, the mobile device 30 is used. ₁ Attribute certificate AC held by _P1 , AC _P1 'Home gateway 20 ₁ Send to and present. Specifically, in the remote access system, the target device 10 ₁ , 10 ₂ In the case of accessing either or both of the mobile devices 30 ₁ Attribute certificate AC held by _P1 Home gateway 20 ₁ While sending and presenting to the target device 10 ₃ To access the mobile device 30 ₁ Attribute certificate AC held by _P1 'Home gateway 20 ₁ Send to and present.
[0193]
Here, in the remote access system, the mobile device 30 is used. ₁ Attribute certificate AC held by _P1 Home gateway 20 ₁ When the information is transmitted and presented, the same processing as that shown in steps S13 to S17 in FIG. ₁ Holds the attribute certificate AC _P1 'Home gateway 20 ₁ Will be described as being transmitted and presented.
[0194]
In the remote access system, in step S53, the home gateway 20 ₁ By the portable device 30 ₁ Attribute certificate AC presented by _P1 The proxy device information is verified, and the target device 10 belonging to the second home network different from the first home network in which the access target device is subordinate is owned by ₃ 2 attribute certificate AC _P1 ', AC _H The home gateway 20 that manages the second home network ₂ Send to and present.
[0195]
Subsequently, in the remote access system, in step S54, the home gateway 20 ₂ The home gateway 20 ₁ Two attribute certificates AC presented by _P1 ', AC _H Based on the content of the attribute certificate AC _P1 ', AC _H , A device designated as an access target, that is, the target device 10 ₃ Send to and present.
[0196]
Subsequently, in the remote access system, in step S55, the target device 10 ₃ The home gateway 20 ₂ Two attribute certificates AC sent from _P1 ', AC _H The attribute certificate AC, such as the proxy information and attributes described above. _P1 ', AC _H Verify the contents of.
[0197]
In the remote access system, in step S56, the attribute certificate AC _P1 ', AC _H If the verification result is valid, in step S57, the target device 10 ₃ By mobile device 30 ₁ Is permitted, and the series of access phases P3 is completed. On the other hand, in the remote access system, in step S56, the attribute certificate AC _P1 ', AC _H If the verification result is invalid, in step S58, the target device 10 ₃ By mobile device 30 ₁ Is denied, and a series of access phases P3 is terminated.
[0198]
In the remote access system, the target device 10 is obtained through the access phase P3 including such a series of steps. ₃ By mobile device 30 ₁ Of the mobile device 30 that is permitted to access and is permitted to access. ₁ Any operation can be performed.
[0199]
Next, the access deletion phase P4 will be described.
[0200]
In the remote access system, when it is desired to exclude any portable device from the device that accesses the resource, the process shown in FIG. 19 is performed as the access deletion phase P4. In the remote access system, the mobile device 30 ₁ Is the target device 10 ₁ , 10 ₂ Is the access target, the same processing as that shown in FIG. ₁ Is the target device 10 ₃ Mobile device 30 ₁ The target device 10 ₃ A case where the user wants to be excluded from the access device will be described.
[0201]
First, in the remote access system, as shown in FIG. ₁ In accordance with an instruction from the user, the target device 10 ₃ Mobile device 30 that may be remotely accessed ₁ Attribute certificate AC issued to _P1 CRL (ACRL) for 'Home Gateway 20 ₂ To request.
[0202]
Subsequently, in the remote access system, in step S62, the home gateway 20 ₂ The home gateway 20 ₁ Attribute certificate AC according to the request from _P1 Create a CRL (ACRL) for '.
[0203]
In the remote access system, in step S63, the home gateway 20 ₂ The created attribute certificate AC _P1 CRL (ACRL) for 'home gateway 20 ₁ Send to and distribute. Accordingly, the home gateway 20 ₁ The home gateway 20 ₂ Attribute certificate AC sent from _P1 Holds CRL (ACRL) for '.
[0204]
Thus, in the remote access system, the attribute certificate AC _P1 CRL (ACRL) for 'home gateway 20 ₂ By creating a portable device 30 ₁ To home gateway 20 ₁ Via the target device 10 ₃ When there is access to the home gateway 20 ₁ Access can be denied by the mobile device 30 ₁ Can be excluded from devices accessing the resource.
[0205]
Further, in the remote access system, as described above, when a legitimate user wants to exclude the mobile device 30 from the device that accesses the resource by his / her own intention, etc., following the processing of step S63, first, Processing similar to the processing shown in steps S22 to S24 in FIG. 14 may be performed.
[0206]
That is, in the remote access system, in step S64, the portable device 30 ₁ Holds the public key certificate PKC _M1 Using the home gateway 20 ₁ Mutual authentication with
[0207]
Subsequently, in the remote access system, in step S65, the home gateway 20 ₁ Follow the instructions from the mobile device 30 ₁ Attribute certificate AC held by _P1 Delete '.
[0208]
In the remote access system, in step S66, the home gateway 20 ₁ Thus, the CRL (ACRL) held in step S63 is deleted, and the series of access deletion phase P4 is completed.
[0209]
In the remote access system, the mobile device 30 passes through the access deletion phase P4 composed of such a series of steps. ₁ Target device 10 as a resource ₃ Can be excluded from the devices that access.
[0210]
In the remote access system, the target device 10 ₃ For convenience of the mobile device 30 ₁ The target device 10 ₃ If it is desired to exclude the device from accessing the device, the processing of step S61 is skipped, and the processing from step S62 is performed according to the instruction from the user.
[0211]
Finally, the access change phase P5 will be described.
[0212]
In the remote access system, when it is desired to change the authority of any portable device, the process shown in FIG. 20 is performed as the access change phase P5. In the remote access system, the portable device 30 for the resource in the first home network. ₁ When it is desired to change the authority of the mobile device 30, the same processing as that shown in FIG. 15 may be performed. Here, the mobile device 30 for the resource in the second home network is used. ₁ The case where it is desired to change the authority of will be described.
[0213]
First, in the remote access system, as shown in FIG. ₁ According to the instruction from the user, the stored attribute certificate AC _H The other home gateway 20 ₂ A new attribute certificate AC that is sent and presented to and describes proxy information _P1 'Is issued. Accordingly, the home gateway 20 ₂ The new attribute certificate AC _P1 'And issue this attribute certificate AC _P1 'Home gateway 20 ₁ Send to.
[0214]
Subsequently, in the remote access system, in step S72, the mobile device 30 is used. ₁ Holds the public key certificate PKC _M1 Using the home gateway 20 ₁ Mutual authentication with
[0215]
In the remote access system, in step S73, the mobile device 30 ₁ The home gateway 20 ₁ New attribute certificate AC sent from _P1 'The original attribute certificate AC _P1 Is replaced with 'and stored in an IC card or the like, and a series of access change phase P5 is completed.
[0216]
In the remote access system, the mobile device 30 passes through the access change phase P5 composed of such a series of steps. ₁ The authority of can be changed. Thereby, in the remote access system, the portable device 30 ₁ Can perform a new arbitrary operation.
[0217]
As described above, the remote access system uses the attribute certificate AC describing the proxy information. _P1 'Is normally used for the mobile device 30 ₁ It is possible to perform authority management for resources in the second home network that cannot be accessed from.
[0218]
Thus, according to the present invention, the home gateway as the entrance of the network that can be normally accessed by the mobile device is assigned the attribute certificate AC to the mobile device. _P Any entity such as a home gateway as an entrance to another network _P The home gateway may issue an attribute certificate AC. _P Anything that can verify the contents of is acceptable.
[0219]
Further, in the above-described embodiment, it has been described that the resource in the home network is accessed. However, the present invention can be applied to any network.
[0220]
Furthermore, in the above-described embodiment, the description has been given using the portable device as the access device for the resource. However, the present invention is not limited to the portable device, and any device can be applied. Can do.
[0221]
Furthermore, according to the present invention, the operation of each entity can be realized not only by hardware but also by software. When the present invention is realized by software, for example, each function can be realized by executing a remote access program for performing the above-described remote access by a CPU (Central Processing Unit) included in each entity. The remote access program can be provided by a predetermined recording medium such as a so-called compact disc or a transmission medium such as the Internet.
[0222]
Thus, it goes without saying that the present invention can be modified as appropriate without departing from the spirit of the present invention.
[0223]
【The invention's effect】
As described above in detail, the remote access system according to the present invention is a remote access system that accesses a predetermined resource from a remote location, and the remote access system includes an access target device to be accessed, The access device includes an access device that accesses the access target device, and a connection device that acts as a proxy for the access target device with respect to the access device, and the access device has an access right to the resource. Proxy information for the connected device to serve as a proxy for the access target device Is described attribute Storage means for storing a certificate, and the storage means stored in the storage means attribute Certificate Connected equipment Against Send Present First Presenting means, and the connection device includes: Second presenting means for transmitting and presenting the attribute certificate received from the access device to the access target device designated as the access target The access target device includes: Based on the verification result by the verification unit, the verification unit for verifying the access authority and the content of the proxy information described in the attribute certificate received from the connected device, Determination means for determining access permission of the access device to the resource When Is provided.
[0224]
Therefore, the remote access system according to the present invention describes at least the access authority to the resource in the certificate, and transmits and presents this certificate from the access device to the access target device via the connected device, By verifying access of the access device, it is possible to easily perform control in units of authority for each resource, and it is possible to check a certificate transmission route and improve security.
[0225]
The remote access method according to the present invention includes an access target device to be accessed, an access device that accesses the access target device, and a connection device that acts as a proxy for the access target device with respect to the access device. A remote access method for accessing a predetermined resource from a remote location in a remote access system comprising: the access device has an access right to the resource Proxy information for the connected device to serve as a proxy for the access target device Is described attribute The certificate is stored in the storage means, and the certificate stored in the storage means attribute Certificate Connected equipment And the connected device is The attribute certificate received from the access device is transmitted and presented to the access target device designated as the access target The access target device is The access authority and the proxy information described in the attribute certificate received from the connected device are verified, and the verification result To determine access permission of the access device for the resource.
[0226]
Therefore, in the remote access method according to the present invention, at least the access authority to the resource is described in the certificate, and the certificate is transmitted from the access device to the access target device via the connected device and presented, and the resource By verifying the access of the access device, it becomes possible to easily control in units of authority for each resource, and it is possible to check the route for sending the certificate and improve security. Become.
[Brief description of the drawings]
FIG. 1 is a diagram for explaining a format of a public key certificate.
FIG. 2 is a diagram for explaining the format of a public key certificate, and for explaining the remaining items following the items shown in FIG.
FIG. 3 is a diagram illustrating a format of an attribute certificate.
FIG. 4 is a diagram for explaining the format of an attribute certificate and explaining the remaining items following the items shown in FIG. 3;
FIG. 5 is a diagram for explaining an authority proxy function;
FIG. 6 is a conceptual diagram of a remote access system shown as an embodiment of the present invention.
7 is a diagram showing an excerpt of each field in the attribute among the items of the attribute certificate shown in FIG.
FIG. 8 is a diagram for explaining an authority management method using the concept of roles.
9 is a diagram showing an excerpt of each field in the extended information among the items of the attribute certificate shown in FIG.
10 is a diagram for explaining specific description contents of proxy information in extended information among the items of the attribute certificate shown in FIG. 4; FIG.
FIG. 11 is a flowchart for explaining each phase performed in the remote access system;
FIG. 12 is a flowchart for explaining a series of steps as a registration phase in the remote access system.
FIG. 13 is a flowchart for explaining a series of steps as an access phase in the remote access system.
FIG. 14 is a flowchart for explaining a series of steps as an access deletion phase in the remote access system.
FIG. 15 is a flowchart for explaining a series of steps as an access change phase in the remote access system.
FIG. 16 is a conceptual diagram of a remote access system shown as another embodiment of the present invention.
FIG. 17 is a flowchart for explaining a series of steps as a registration phase in the remote access system.
FIG. 18 is a flowchart for explaining a series of steps as an access phase in the remote access system.
FIG. 19 is a flowchart for explaining a series of steps as an access deletion phase in the remote access system, and a series of steps when a portable device is excluded from devices that access a target device belonging to another network; It is a flowchart for demonstrating a process.
FIG. 20 is a flowchart for explaining a series of steps as an access change phase in the remote access system, for explaining a series of steps when changing authority of a mobile device for a resource in another network; It is a flowchart.
[Explanation of symbols]
10 ₁ , 10 ₂ , 10 ₃ Target device, 20, 20 ₁ , 20 ₂ Home gateway 30, 30 ₁ , 30 ₂ Mobile device, AA attribute authority, AC, AC _H , AC _L , AC _L1 , AC _L2 , AC _P , AC _P1 , AC _P2 , AC _P1 'Attribute certificate, AS authority claiming server, AU ₁₁ , AU ₁₂ , ..., AU ₂₁ , AU ₂₂ , ... Authority, CA certificate issuing CA, CL client, M ₁ , M ₂ , M ₃ Individual, NT network, PKC _G , PKC _G1 , PKC _G2 , PKC _M , PKC _M1 , PKC _M2 , PKC _T1 , PKC _T2 , PKC _T3 Public key certificate, R ₁ , R ₂ Role, RA Role Certification Authority, RAAC Role Assignment Certificate, RSAC Role Definition Certificate, VR Authority Verification Server

Claims (6)

A remote access system for accessing a predetermined resource from a remote location,
The remote access system
Access target device to be accessed,
An access device for accessing the access target device;
It consists of a connected device that acts as a proxy for the access target device with respect to the access device,
The access device is:
Storage means for storing an access certificate for the resource and an attribute certificate in which proxy information for the connected device to serve as a proxy for the access target device is described;
First attribute means for transmitting and presenting the attribute certificate stored in the storage means to the connected device ;
The connection device is
Second attribute means for transmitting and presenting the attribute certificate received from the access device to the access target device designated as the access target ;
The access target device is:
Verification means for verifying the access authority and the content of the proxy information described in the attribute certificate received from the connected device;
Remote access system, characterized in that on the basis of the verification result by the verification means, and a determining means for determining permission of said access device to said resource. The remote access system according to claim 1, wherein the connection device connects a network including the access target device to another network. A certificate authority that issues an issuance permission certificate that is a certificate for granting permission to issue the attribute certificate to the access device;
The remote access system according to claim 1, wherein the connection device issues the issue permission certificate issued by the certificate authority to the access device. The attribute certificate, the role information that indicates a role given to the connected device, remote access of claim 3, wherein the including information that gives permission to issue the attribute certificate to the access device system. The remote access system according to claim 1, further comprising a certificate authority that issues a public key certificate based on a public key cryptosystem to each entity constituting the remote access system. Access target device to be accessed,
An access device for accessing the access target device;
With respect to the access device, in a remote access system comprising a connection device that acts as a proxy for the access target device,
A remote access method for accessing a predetermined resource from a remote location,
The access device is:
Storing in the storage means an attribute certificate in which proxy information for the access authority to the resource and the connected device to serve as a proxy for the access target device is described;
Presenting the attribute certificate stored in the storage means to the connected device ;
The connection device is
The attribute certificate received from the access device is transmitted to the access target device designated as the access target and presented ,
The access target device is:
Verifying the access authority and the content of the proxy information described in the attribute certificate received from the connected device;
A remote access method, wherein access permission of the access device for the resource is determined based on a verification result .

Images